CVE-2010-4574 - OpenCVE

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome Chrome Os
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:o:google:chrome_os::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*

No data.

References

Link	Providers
http://code.google.com/p/chromium/issues/detail?id=56449
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html
http://secunia.com/advisories/42648
http://src.chromium.org/viewvc/chrome?view=rev&revision=68033
http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml
http://www.securityfocus.com/bid/45390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-22T00:00:00

Updated: 2024-08-07T03:51:17.692Z

Reserved: 2010-12-21T00:00:00

Link: CVE-2010-4574

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-12-22T01:00:03.000

Modified: 2020-07-31T11:18:20.397

Link: CVE-2010-4574

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"}, {"name": "42648", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42648"}, {"name": "oval:org.mitre.oval:def:14141", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141"}, {"name": "45390", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45390"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033"}, {"name": "GLSA-201012-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://code.google.com/p/chromium/issues/detail?id=56449"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4574", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"}, {"name": "42648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42648"}, {"name": "oval:org.mitre.oval:def:14141", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141"}, {"name": "45390", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45390"}, {"name": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033", "refsource": "CONFIRM", "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033"}, {"name": "GLSA-201012-01", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"}, {"name": "http://code.google.com/p/chromium/issues/detail?id=56449", "refsource": "CONFIRM", "url": "http://code.google.com/p/chromium/issues/detail?id=56449"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.692Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"}, {"name": "42648", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42648"}, {"name": "oval:org.mitre.oval:def:14141", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141"}, {"name": "45390", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45390"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033"}, {"name": "GLSA-201012-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://code.google.com/p/chromium/issues/detail?id=56449"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4574", "datePublished": "2010-12-22T00:00:00", "dateReserved": "2010-12-21T00:00:00", "dateUpdated": "2024-08-07T03:51:17.692Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAE3A3E5-B389-4490-B9F6-46649D233AAD", "versionEndExcluding": "8.0.552.224", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB5D23C-4D50-4643-8BDF-B21F32EE0D0B", "versionEndExcluding": "8.0.552.343", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*", "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation, and cause a denial of service or possibly have unspecified other impact, via invalid pickle data."}, {"lang": "es", "value": "La funci\u00f3n Pickle::Pickle en base/pickle.cc de Google Chrome anterior a v8.0.552.224 y Chrome OS anterior a v8.0.552.343 en plataformas Linux de 64-bit no realizar correctamente la aritm\u00e9tica de punteros, lo cual permite a los atacantes remotos evitar la validaci\u00f3n de mensajes deserializaci\u00f3n, y causar una denegaci\u00f3n de servicio o posiblemente otro impacto no especificado, a trav\u00e9s de datos no v\u00e1lidos."}], "id": "CVE-2010-4574", "lastModified": "2020-07-31T11:18:20.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-22T01:00:03.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://code.google.com/p/chromium/issues/detail?id=56449"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42648"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://src.chromium.org/viewvc/chrome?view=rev&revision=68033"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/45390"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14141"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}